Debian DSA-5173-1 : linux - security update

high Nessus Plugin ID 162703

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5173 advisory.

- net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)

- An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)

- A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

- An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
(CVE-2022-0812)

- A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the linux packages.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922204

https://security-tracker.debian.org/tracker/source-package/linux

https://www.debian.org/security/2022/dsa-5173

https://security-tracker.debian.org/tracker/CVE-2021-4197

https://security-tracker.debian.org/tracker/CVE-2022-0494

https://security-tracker.debian.org/tracker/CVE-2022-0812

https://security-tracker.debian.org/tracker/CVE-2022-0854

https://security-tracker.debian.org/tracker/CVE-2022-1011

https://security-tracker.debian.org/tracker/CVE-2022-1012

https://security-tracker.debian.org/tracker/CVE-2022-1016

https://security-tracker.debian.org/tracker/CVE-2022-1048

https://security-tracker.debian.org/tracker/CVE-2022-1184

https://security-tracker.debian.org/tracker/CVE-2022-1195

https://security-tracker.debian.org/tracker/CVE-2022-1198

https://security-tracker.debian.org/tracker/CVE-2022-1199

https://security-tracker.debian.org/tracker/CVE-2022-1204

https://security-tracker.debian.org/tracker/CVE-2022-1205

https://security-tracker.debian.org/tracker/CVE-2022-1353

https://security-tracker.debian.org/tracker/CVE-2022-1419

https://security-tracker.debian.org/tracker/CVE-2022-1516

https://security-tracker.debian.org/tracker/CVE-2022-1652

https://security-tracker.debian.org/tracker/CVE-2022-1729

https://security-tracker.debian.org/tracker/CVE-2022-1734

https://security-tracker.debian.org/tracker/CVE-2022-1974

https://security-tracker.debian.org/tracker/CVE-2022-1975

https://security-tracker.debian.org/tracker/CVE-2022-21123

https://security-tracker.debian.org/tracker/CVE-2022-21125

https://security-tracker.debian.org/tracker/CVE-2022-21166

https://security-tracker.debian.org/tracker/CVE-2022-2153

https://security-tracker.debian.org/tracker/CVE-2022-23960

https://security-tracker.debian.org/tracker/CVE-2022-26490

https://security-tracker.debian.org/tracker/CVE-2022-27666

https://security-tracker.debian.org/tracker/CVE-2022-28356

https://security-tracker.debian.org/tracker/CVE-2022-28388

https://security-tracker.debian.org/tracker/CVE-2022-28389

https://security-tracker.debian.org/tracker/CVE-2022-28390

https://security-tracker.debian.org/tracker/CVE-2022-29581

https://security-tracker.debian.org/tracker/CVE-2022-30594

https://security-tracker.debian.org/tracker/CVE-2022-32250

https://security-tracker.debian.org/tracker/CVE-2022-32296

https://security-tracker.debian.org/tracker/CVE-2022-33981

https://packages.debian.org/source/buster/linux

Plugin Details

Severity: High

ID: 162703

File Name: debian_DSA-5173.nasl

Version: 1.10

Type: local

Agent: unix

Published: 7/4/2022

Updated: 3/27/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-1012

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-powerpc64le, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmdbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-4kc-malta, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm, p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-s390x, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:linux-kbuild-4.19, p-cpe:/a:debian:debian_linux:libcpupower-dev, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64, p-cpe:/a:debian:debian_linux:libbpf4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64, p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-s390x, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armel, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-s390, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg, p-cpe:/a:debian:debian_linux:usbip, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae, p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template, p-cpe:/a:debian:debian_linux:linux-doc-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-ppc64el, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mipsel, p-cpe:/a:debian:debian_linux:linux-source-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips64el, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmlpae, p-cpe:/a:debian:debian_linux:linux-cpupower, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp, p-cpe:/a:debian:debian_linux:libcpupower1, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-loongson-3, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-marvell, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-octeon, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rpi, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:linux-perf-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt, p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmlpae, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmdbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmlpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon, p-cpe:/a:debian:debian_linux:linux-config-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-5kc-malta, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae, p-cpe:/a:debian:debian_linux:libbpf-dev, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le-dbg, p-cpe:/a:debian:debian_linux:hyperv-daemons

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/3/2022

Vulnerability Publication Date: 7/3/2022

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2021-4197, CVE-2022-0494, CVE-2022-0812, CVE-2022-0854, CVE-2022-1011, CVE-2022-1012, CVE-2022-1016, CVE-2022-1048, CVE-2022-1184, CVE-2022-1195, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1353, CVE-2022-1419, CVE-2022-1516, CVE-2022-1652, CVE-2022-1729, CVE-2022-1734, CVE-2022-1974, CVE-2022-1975, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-2153, CVE-2022-23960, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390, CVE-2022-29581, CVE-2022-30594, CVE-2022-32250, CVE-2022-32296, CVE-2022-33981